CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#115731

HP Tru64 UNIX "quot" contains buffer overflow (SSRT2191)

Overview

The HP Tru64 UNIX implementation of "quot" contains a locally exploitable buffer overflow.

I. Description

"quot" is used to summarize file system ownership. A locally exploitable buffer overflow in "quot" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host.

II. Impact

A local user may be able to gain elevated privileges and execute arbitrary code.

III. Solution

Apply a patch.

Systems Affected
VendorStatusDate Updated
Hewlett-Packard CompanyVulnerable9-Sep-2002

References


http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11

Credit

This vulnerability was discovered by SNOsoft.

This document was written by Ian A Finlay & Jason A. Rafail.

Other Information

Date Public05/22/2002
Date First Published09/09/2002 12:55:06 PM
Date Last Updated09/09/2002
CERT Advisory 
CVE Name 
Metric3.75
Document Revision8

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2002 Carnegie Mellon University